Date: Mon, 6 May 2019 14:45:02 -0400
From: Mark Johnston
To: John Baldwin
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: Re: svn commit: r347063 - head/sys/kern

On Mon, May 06, 2019 at 11:07:18AM -0700, John Baldwin wrote:
> On 5/3/19 2:26 PM, Mark Johnston wrote:
> > Author: markj
> > Date: Fri May 3 21:26:44 2019
> > New Revision: 347063
> > URL: https://svnweb.freebsd.org/changeset/base/347063
> >
> > Log:
> > Disallow excessively small times of day in clock_settime(2).
> >
> > Reported by: syzkaller
> > Reviewed by: cem, kib
> > MFC after: 1 week
> > Sponsored by: The FreeBSD Foundation
> > Differential Revision: https://reviews.freebsd.org/D20151
> >
> > Modified:
> > head/sys/kern/kern_time.c
> >
> > Modified: head/sys/kern/kern_time.c
> > ==============================================================================
> > --- head/sys/kern/kern_time.c Fri May 3 21:13:09 2019 (r347062) > > +++ head/sys/kern/kern_time.c Fri May 3 21:26:44 2019 (r347063)
> > @@ -412,7 +412,9 @@ kern_clock_settime(struct thread *td, clockid_t clock_ > > if (ats->tv_nsec < 0 || ats->tv_nsec >= 1000000000 || > > ats->tv_sec < 0) > > return (EINVAL); > > - if (!allow_insane_settime && ats->tv_sec > 8000ULL * 365 * 24 * 60 * 60) > > + if (!allow_insane_settime && > > + (ats->tv_sec > 8000ULL * 365 * 24 * 60 * 60 || > > + ats->tv_sec < utc_offset())) > > return (EINVAL); > > /* XXX Don't convert nsec->usec and back */ > > TIMESPEC_TO_TIMEVAL(&atv, ats);
>
> Pardon my ignorance, but I can't see why you are checking against utc_offset()
> vs some small constant? None of the discussion in the review mentioned the
> reason for using this particular value, and I didn't see any comparisons
> against utc_offset or kernadjtz in kern_clock_settime() or settime() that
> would have underflowed or panicked. Can you give a bit more detail on why
> utc_offset() is the lower bound? Thanks.

I chose it because we subtract utc_offset() from the time passed in to
clock_settime(); see settime_task_func(). That subtraction caused the
underflow that later caused the observed panics.
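
Review bot: The new lower bound `ats->tv_sec < utc_offset()` sits inside the `!allow_insane_settime &&` condition, so it is skipped whenever that knob is set. The reply above says the bound exists because utc_offset() is subtracted from the requested time in settime_task_func() and that this underflow led to the observed panics. If so, the check is a safety requirement rather than a sanity limit and would fit better in the unconditional test just above it (next to `ats->tv_sec < 0`), leaving only the 8000-year upper bound behind allow_insane_settime. The hunk also has no comment saying why utc_offset() is the bound; a one-line comment naming settime_task_func() would answer the question raised in this thread for later readers.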